mirror of https://github.com/OpenNebula/one.git synced 2025-03-26 06:50:09 +03:00

Bug #4337: IP spoofing filters DHCP communication

Don't filter UDP DHCP traffic from 0.0.0.0/32 port 68 to
255.255.255.255/32 port 67.
Vlastimil Holer 2016-02-16 12:51:49 +01:00
parent d397116db9
commit 030b0472b5


@ -271,6 +271,7 @@ module SGIPTables
# IP-spofing
if nic[:filter_ip_spoofing] == "YES"
commands.add :iptables, "-A #{chain_out} -p udp --source 0.0.0.0/32 --sport 68 --destination 255.255.255.255/32 --dport 67 -j ACCEPT"
commands.add :iptables, "-A #{chain_out} ! --source #{nic[:ip]} -j DROP"
end
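Review bot: The new `--sport 68` / `--dport 67` rule ends in `-j ACCEPT`, a terminating target, so a matching DHCP broadcast from 0.0.0.0 leaves `chain_out` there and is never evaluated by any rule appended to the chain afterwards. The method continues outside this hunk, so I cannot see whether further filters or outbound security-group rules are added to `chain_out` below; if they are, this packet class bypasses them. In that case the exemption and the DROP should be appended after those checks. Either way the intent deserves a comment above the rule, for example `# DHCP clients without a lease send from 0.0.0.0:68 to 255.255.255.255:67; exempt them from the source-IP check`. Separately, `nic[:ip]` is interpolated into the DROP rule without a presence check, so a NIC with the filter enabled but no IP would presumably produce a malformed `! --source  -j DROP`; a guard such as `if nic[:filter_ip_spoofing] == "YES" && nic[:ip]` would avoid that.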